DARPA, the Defense Advanced Research Projects Agency, directs billions of dollars towards research. One of these research areas is Cyber. In 2010 DARPA hired "Mudge", the hacker who led the early hackerspace L0pht @stake, to create, direct, and manage cyber research efforts for the Department of Defense.
This talk presents the new approaches that the agency is embracing, the types of research efforts involved, and how they diverge from traditional cyber efforts. Many existing and historic security solutions focus on buying tactical breathing space without driving towards convergence with the actual cyber threats and problems. This talk looks at what actually distinguishes efforts that buy tactical breathing space from those that drive towards convergence with evolving threats.
Code analysis, surface areas exposed by security products and layered security solutions, game theory and irrational actors, and policy are evaluated and applied to existing and future efforts.
The talk also focuses on new efforts to allow the government to help fund and embrace hackerspaces and the community of "makers" and "homebrew researchers" as non-traditional performers.
The person many people remember as an early pioneer of buffer overflows, full disclosure, and security advisories, the front man for the L0pht and founder of @stake… is now a senior DoD official. The inventor of L0phtCrack, AntiSniff, L0phtWatch/Tempwatch, and SLINT (one of the early tools for automating source code vulnerability analysis), he is the hacker who in 1998 told the US Senate the Internet could be taken down in 30 minutes. He firmly believes hackerspaces and the maker community are valuable and underutilized resources for research and ingenuity and that more should be done to encourage these groups.